Deeplinks Blog posts about Online Behavioral Tracking

Advertising network Turn announced today that they will suspend their zombie tracking cookie program. Turn was recently caught using Verizon Wireless' invasive UIDH header to undelete tracking cookies that web visitors had previously deleted. This unacceptable practice means that users who delete cookies to avoid Turn's and others' tracking will continue to be tracked against their will, using information associated with their previous activity through a permanent identity.

2014 has seen a flurry of events surrounding the issues of privacy and security when it comes to mobile devices. Here are some highlights.

EFF started the year by releasing HTTPS Everywhere on Firefox for Android. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.

Oversight boards and congressional subcommittees can occasionally be effective, but nothing keeps the government in check like investigative reporting. Here are eight stories about surveillance that made our jaws drop this year:

Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.

Facebook scolded the Drug Enforcement Administration this week after learning that a narcotics agent had impersonated a user named Sondra Arquiett on the social network in order to communicate and gather intelligence on suspects. In a strongly worded letter to DEA head Michele Leonhart, Facebook’s Chief Security Officer Joe Sullivan reiterated that not only did the practice explicitly violate the site’s terms of service, but threatened Facebook’s trust-based social ecosystem.

Sullivan writes:

Facebook has long made clear that law enforcement authorities are subject to these policies. We regard the conduct to be a knowing and serious breach of Facebook’s terms and policies, and the account created by the agent in the Arquiett matter has been disabled.